xmrig | 9005225e5de7a38412d6927fda45c83c9737554dab51380ddbb5fb8a586f75d9

Analysis

max time kernel
133s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
26/04/2024, 11:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
Size

1.1MB
MD5

00b18acf940a7218f88a55e516943d59
SHA1

0e80861824e350e251e2624154937ecdd8f9b933
SHA256

9005225e5de7a38412d6927fda45c83c9737554dab51380ddbb5fb8a586f75d9
SHA512

ea864d7e6d14b86a67021ee2c7ea60d1f76e943e02cb993993056cad7d67da1b73a1422de5cbd96db0b85a1323e7db34bfbbd313a20089c22e33f77d932dd099
SSDEEP

24576:JanwhSe11QSONCpGJCjETPl+Me7bPMS8Ykgc3uFea:knw9oUUEEDl+xTMS8Tgtea

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 57 IoCs

miner

resource	yara_rule
behavioral2/memory/644-40-0x00007FF733860000-0x00007FF733C51000-memory.dmp	xmrig
behavioral2/memory/1604-62-0x00007FF770880000-0x00007FF770C71000-memory.dmp	xmrig
behavioral2/memory/2356-76-0x00007FF725F70000-0x00007FF726361000-memory.dmp	xmrig
behavioral2/memory/2748-267-0x00007FF6B6310000-0x00007FF6B6701000-memory.dmp	xmrig
behavioral2/memory/4460-273-0x00007FF71E3D0000-0x00007FF71E7C1000-memory.dmp	xmrig
behavioral2/memory/1812-284-0x00007FF733870000-0x00007FF733C61000-memory.dmp	xmrig
behavioral2/memory/3212-268-0x00007FF7A7AC0000-0x00007FF7A7EB1000-memory.dmp	xmrig
behavioral2/memory/2220-82-0x00007FF7F2900000-0x00007FF7F2CF1000-memory.dmp	xmrig
behavioral2/memory/3040-78-0x00007FF79F3E0000-0x00007FF79F7D1000-memory.dmp	xmrig
behavioral2/memory/2052-69-0x00007FF6C05C0000-0x00007FF6C09B1000-memory.dmp	xmrig
behavioral2/memory/4112-67-0x00007FF7C08C0000-0x00007FF7C0CB1000-memory.dmp	xmrig
behavioral2/memory/5056-64-0x00007FF74BD60000-0x00007FF74C151000-memory.dmp	xmrig
behavioral2/memory/2248-59-0x00007FF77DE10000-0x00007FF77E201000-memory.dmp	xmrig
behavioral2/memory/4708-55-0x00007FF7E1D50000-0x00007FF7E2141000-memory.dmp	xmrig
behavioral2/memory/2408-302-0x00007FF7C9850000-0x00007FF7C9C41000-memory.dmp	xmrig
behavioral2/memory/3504-286-0x00007FF6A8970000-0x00007FF6A8D61000-memory.dmp	xmrig
behavioral2/memory/244-311-0x00007FF6E4DB0000-0x00007FF6E51A1000-memory.dmp	xmrig
behavioral2/memory/3420-314-0x00007FF788280000-0x00007FF788671000-memory.dmp	xmrig
behavioral2/memory/3036-316-0x00007FF70DE40000-0x00007FF70E231000-memory.dmp	xmrig
behavioral2/memory/3492-315-0x00007FF74CE30000-0x00007FF74D221000-memory.dmp	xmrig
behavioral2/memory/4896-317-0x00007FF707090000-0x00007FF707481000-memory.dmp	xmrig
behavioral2/memory/448-318-0x00007FF7ECF20000-0x00007FF7ED311000-memory.dmp	xmrig
behavioral2/memory/5048-334-0x00007FF7B6AF0000-0x00007FF7B6EE1000-memory.dmp	xmrig
behavioral2/memory/3416-347-0x00007FF655EA0000-0x00007FF656291000-memory.dmp	xmrig
behavioral2/memory/832-388-0x00007FF6E21F0000-0x00007FF6E25E1000-memory.dmp	xmrig
behavioral2/memory/4664-376-0x00007FF632CF0000-0x00007FF6330E1000-memory.dmp	xmrig
behavioral2/memory/3348-395-0x00007FF643F50000-0x00007FF644341000-memory.dmp	xmrig
behavioral2/memory/2820-401-0x00007FF61F730000-0x00007FF61FB21000-memory.dmp	xmrig
behavioral2/memory/2452-419-0x00007FF6F1410000-0x00007FF6F1801000-memory.dmp	xmrig
behavioral2/memory/3792-424-0x00007FF6B9350000-0x00007FF6B9741000-memory.dmp	xmrig
behavioral2/memory/1904-422-0x00007FF76BDB0000-0x00007FF76C1A1000-memory.dmp	xmrig
behavioral2/memory/5008-415-0x00007FF6A0220000-0x00007FF6A0611000-memory.dmp	xmrig
behavioral2/memory/3956-362-0x00007FF6D2790000-0x00007FF6D2B81000-memory.dmp	xmrig
behavioral2/memory/544-356-0x00007FF78EE50000-0x00007FF78F241000-memory.dmp	xmrig
behavioral2/memory/1472-322-0x00007FF770280000-0x00007FF770671000-memory.dmp	xmrig
behavioral2/memory/4504-320-0x00007FF6FC350000-0x00007FF6FC741000-memory.dmp	xmrig
behavioral2/memory/1408-431-0x00007FF798A40000-0x00007FF798E31000-memory.dmp	xmrig
behavioral2/memory/4060-443-0x00007FF7BA090000-0x00007FF7BA481000-memory.dmp	xmrig
behavioral2/memory/760-437-0x00007FF71B630000-0x00007FF71BA21000-memory.dmp	xmrig
behavioral2/memory/1236-446-0x00007FF7F3170000-0x00007FF7F3561000-memory.dmp	xmrig
behavioral2/memory/4952-468-0x00007FF6C0F90000-0x00007FF6C1381000-memory.dmp	xmrig
behavioral2/memory/1980-470-0x00007FF7EDA70000-0x00007FF7EDE61000-memory.dmp	xmrig
behavioral2/memory/2464-480-0x00007FF634F00000-0x00007FF6352F1000-memory.dmp	xmrig
behavioral2/memory/516-484-0x00007FF7351D0000-0x00007FF7355C1000-memory.dmp	xmrig
behavioral2/memory/4428-490-0x00007FF7A90C0000-0x00007FF7A94B1000-memory.dmp	xmrig
behavioral2/memory/5084-492-0x00007FF712020000-0x00007FF712411000-memory.dmp	xmrig
behavioral2/memory/2072-497-0x00007FF735570000-0x00007FF735961000-memory.dmp	xmrig
behavioral2/memory/4512-502-0x00007FF6FBC40000-0x00007FF6FC031000-memory.dmp	xmrig
behavioral2/memory/4984-507-0x00007FF726DB0000-0x00007FF7271A1000-memory.dmp	xmrig
behavioral2/memory/4652-509-0x00007FF7D21A0000-0x00007FF7D2591000-memory.dmp	xmrig
behavioral2/memory/4808-511-0x00007FF79E710000-0x00007FF79EB01000-memory.dmp	xmrig
behavioral2/memory/864-515-0x00007FF726880000-0x00007FF726C71000-memory.dmp	xmrig
behavioral2/memory/2836-508-0x00007FF6EAC20000-0x00007FF6EB011000-memory.dmp	xmrig
behavioral2/memory/4624-495-0x00007FF6BF1A0000-0x00007FF6BF591000-memory.dmp	xmrig
behavioral2/memory/2712-489-0x00007FF78DBD0000-0x00007FF78DFC1000-memory.dmp	xmrig
behavioral2/memory/3452-486-0x00007FF7E42B0000-0x00007FF7E46A1000-memory.dmp	xmrig
behavioral2/memory/4804-461-0x00007FF7D08F0000-0x00007FF7D0CE1000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1492	XBgxOjz.exe
3068	YZHqaXH.exe
644	blibXGy.exe
628	yzdLHHt.exe
4708	njZdiya.exe
4112	dAmHADr.exe
2248	KUCdISM.exe
1604	ypZLzKF.exe
2052	BIZGBBl.exe
5056	LTFcYRs.exe
2356	aIuRtEp.exe
3040	KqUucJi.exe
2220	odkMcWW.exe
2188	BzRvuBb.exe
1292	fPUuQra.exe
4340	vajoSau.exe
3044	QNOAafO.exe
2748	cqyWOJP.exe
3212	aSsfCDh.exe
4460	cPTUwcu.exe
1812	WJKAKPN.exe
3504	LzWWFvn.exe
2408	xJJmGQG.exe
244	ofQUXIK.exe
3420	uOaSrao.exe
3492	wXqQtnQ.exe
3036	KCobfjY.exe
4896	pqCRtBS.exe
448	aBPyCHv.exe
4504	tnuFGyV.exe
1472	WROfixU.exe
5048	FHhGSoK.exe
3416	JxQnuoW.exe
544	YeCMGmS.exe
3956	BSKaTsr.exe
4664	xLHfTuJ.exe
832	NvLzjiP.exe
3348	JwdOcNH.exe
2820	lEMPQWX.exe
5008	RETNSaY.exe
2452	PuvNXqE.exe
1904	ZNusIya.exe
3792	hOUVBmP.exe
1408	TJAGAPy.exe
760	QJvWlpV.exe
4060	gxQBHuB.exe
1236	eXWRYBY.exe
4804	TZLEakr.exe
4952	lqMZUdk.exe
1980	Klqdpvb.exe
2464	PbFFuzw.exe
516	RWgQxeF.exe
3452	qxdnDFg.exe
2712	yOTnSjv.exe
4428	BJoHOOq.exe
5084	rnanZHo.exe
4624	wwssEaL.exe
2072	psCHreh.exe
4512	vnWbnSP.exe
4984	lIBPazR.exe
2836	GzyFmum.exe
116	BizmuNS.exe
2828	vmkUrBt.exe
4652	TOqAroZ.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4360-0-0x00007FF6A80C0000-0x00007FF6A84B1000-memory.dmp	upx
behavioral2/files/0x0008000000023404-5.dat	upx
behavioral2/memory/1492-9-0x00007FF67A8E0000-0x00007FF67ACD1000-memory.dmp	upx
behavioral2/files/0x000700000002340b-18.dat	upx
behavioral2/files/0x000700000002340c-23.dat	upx
behavioral2/memory/628-28-0x00007FF7D47E0000-0x00007FF7D4BD1000-memory.dmp	upx
behavioral2/files/0x000700000002340e-37.dat	upx
behavioral2/memory/644-40-0x00007FF733860000-0x00007FF733C51000-memory.dmp	upx
behavioral2/files/0x000700000002340f-45.dat	upx
behavioral2/files/0x0007000000023411-53.dat	upx
behavioral2/files/0x0007000000023412-60.dat	upx
behavioral2/memory/1604-62-0x00007FF770880000-0x00007FF770C71000-memory.dmp	upx
behavioral2/files/0x0007000000023413-65.dat	upx
behavioral2/files/0x0007000000023414-75.dat	upx
behavioral2/memory/2356-76-0x00007FF725F70000-0x00007FF726361000-memory.dmp	upx
behavioral2/files/0x0007000000023415-83.dat	upx
behavioral2/files/0x0008000000023408-85.dat	upx
behavioral2/files/0x0007000000023416-93.dat	upx
behavioral2/files/0x0007000000023417-101.dat	upx
behavioral2/files/0x000700000002341a-114.dat	upx
behavioral2/files/0x000700000002341b-121.dat	upx
behavioral2/files/0x000700000002341c-127.dat	upx
behavioral2/files/0x000700000002341e-134.dat	upx
behavioral2/files/0x000700000002341f-139.dat	upx
behavioral2/files/0x0007000000023422-156.dat	upx
behavioral2/files/0x0007000000023425-169.dat	upx
behavioral2/memory/2748-267-0x00007FF6B6310000-0x00007FF6B6701000-memory.dmp	upx
behavioral2/memory/4460-273-0x00007FF71E3D0000-0x00007FF71E7C1000-memory.dmp	upx
behavioral2/memory/1812-284-0x00007FF733870000-0x00007FF733C61000-memory.dmp	upx
behavioral2/memory/3212-268-0x00007FF7A7AC0000-0x00007FF7A7EB1000-memory.dmp	upx
behavioral2/memory/4340-265-0x00007FF6283D0000-0x00007FF6287C1000-memory.dmp	upx
behavioral2/files/0x0007000000023426-176.dat	upx
behavioral2/files/0x0007000000023424-166.dat	upx
behavioral2/files/0x0007000000023423-162.dat	upx
behavioral2/files/0x0007000000023421-152.dat	upx
behavioral2/files/0x0007000000023420-146.dat	upx
behavioral2/files/0x000700000002341d-131.dat	upx
behavioral2/files/0x0007000000023419-111.dat	upx
behavioral2/files/0x0007000000023418-107.dat	upx
behavioral2/memory/1292-92-0x00007FF6F37E0000-0x00007FF6F3BD1000-memory.dmp	upx
behavioral2/memory/2188-86-0x00007FF7CA810000-0x00007FF7CAC01000-memory.dmp	upx
behavioral2/memory/2220-82-0x00007FF7F2900000-0x00007FF7F2CF1000-memory.dmp	upx
behavioral2/memory/3040-78-0x00007FF79F3E0000-0x00007FF79F7D1000-memory.dmp	upx
behavioral2/memory/2052-69-0x00007FF6C05C0000-0x00007FF6C09B1000-memory.dmp	upx
behavioral2/memory/4112-67-0x00007FF7C08C0000-0x00007FF7C0CB1000-memory.dmp	upx
behavioral2/memory/5056-64-0x00007FF74BD60000-0x00007FF74C151000-memory.dmp	upx
behavioral2/memory/2248-59-0x00007FF77DE10000-0x00007FF77E201000-memory.dmp	upx
behavioral2/files/0x0007000000023410-56.dat	upx
behavioral2/memory/4708-55-0x00007FF7E1D50000-0x00007FF7E2141000-memory.dmp	upx
behavioral2/files/0x000700000002340d-38.dat	upx
behavioral2/files/0x0008000000023407-26.dat	upx
behavioral2/memory/3068-17-0x00007FF7E4700000-0x00007FF7E4AF1000-memory.dmp	upx
behavioral2/files/0x000300000001e9b1-10.dat	upx
behavioral2/memory/2408-302-0x00007FF7C9850000-0x00007FF7C9C41000-memory.dmp	upx
behavioral2/memory/3504-286-0x00007FF6A8970000-0x00007FF6A8D61000-memory.dmp	upx
behavioral2/memory/244-311-0x00007FF6E4DB0000-0x00007FF6E51A1000-memory.dmp	upx
behavioral2/memory/3420-314-0x00007FF788280000-0x00007FF788671000-memory.dmp	upx
behavioral2/memory/3036-316-0x00007FF70DE40000-0x00007FF70E231000-memory.dmp	upx
behavioral2/memory/3492-315-0x00007FF74CE30000-0x00007FF74D221000-memory.dmp	upx
behavioral2/memory/4896-317-0x00007FF707090000-0x00007FF707481000-memory.dmp	upx
behavioral2/memory/448-318-0x00007FF7ECF20000-0x00007FF7ED311000-memory.dmp	upx
behavioral2/memory/5048-334-0x00007FF7B6AF0000-0x00007FF7B6EE1000-memory.dmp	upx
behavioral2/memory/3416-347-0x00007FF655EA0000-0x00007FF656291000-memory.dmp	upx
behavioral2/memory/832-388-0x00007FF6E21F0000-0x00007FF6E25E1000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\lrVMKcC.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\JsvnMbq.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\UzCFwAL.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\bYyYZqi.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\aIuRtEp.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\cMSRDWO.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\jVrWmUI.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\DijoYFg.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\dnkbLAq.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\CdEXMSV.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\SvUWmQd.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\QJvWlpV.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\zBWnwfq.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\FdBGoiJ.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\KCobfjY.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\NvLzjiP.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\kTOgvig.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\wcTqExK.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\ADXVcPZ.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\zKXiUjw.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\YceMrsU.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\KdFLnrO.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\sUajffp.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\saAHBJB.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\ahxovRF.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\mmdqSMq.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\BOFBbkA.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\PncltQg.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\GbaKpPt.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\MCrQooC.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\lIBPazR.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\ZjCnBxc.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\TSmDavO.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\FzrDnch.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\gQkifiP.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\tbJizJA.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\BMAsoqu.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\MRJhGtQ.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\BzRvuBb.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\BizmuNS.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\ZnVlJZF.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\KmJJwGL.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\sIZfVDW.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\GplJXbD.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\WDOYlAg.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\cXLfriO.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\vNZItGR.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\aAaRAPs.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\RWgQxeF.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\FqLfAjk.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\bqUWXxh.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\BbPLLQt.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\FwIuFdS.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\AMfYuwV.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\ucHXRFf.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\rGXFHfE.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\IFBmAso.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\EIUmUMO.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\BSKaTsr.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\AarFEFC.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\SaIBItY.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\qgZjeid.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\psCHreh.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
File created	C:\Windows\System32\gVxzbzR.exe	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4360 wrote to memory of 1492	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	90
PID 4360 wrote to memory of 1492	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	90
PID 4360 wrote to memory of 3068	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	91
PID 4360 wrote to memory of 3068	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	91
PID 4360 wrote to memory of 628	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	92
PID 4360 wrote to memory of 628	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	92
PID 4360 wrote to memory of 644	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	93
PID 4360 wrote to memory of 644	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	93
PID 4360 wrote to memory of 4708	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	94
PID 4360 wrote to memory of 4708	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	94
PID 4360 wrote to memory of 4112	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	95
PID 4360 wrote to memory of 4112	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	95
PID 4360 wrote to memory of 2248	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	96
PID 4360 wrote to memory of 2248	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	96
PID 4360 wrote to memory of 1604	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	97
PID 4360 wrote to memory of 1604	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	97
PID 4360 wrote to memory of 5056	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	98
PID 4360 wrote to memory of 5056	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	98
PID 4360 wrote to memory of 2052	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	99
PID 4360 wrote to memory of 2052	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	99
PID 4360 wrote to memory of 2356	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	100
PID 4360 wrote to memory of 2356	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	100
PID 4360 wrote to memory of 3040	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	101
PID 4360 wrote to memory of 3040	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	101
PID 4360 wrote to memory of 2220	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	102
PID 4360 wrote to memory of 2220	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	102
PID 4360 wrote to memory of 2188	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	103
PID 4360 wrote to memory of 2188	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	103
PID 4360 wrote to memory of 1292	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	104
PID 4360 wrote to memory of 1292	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	104
PID 4360 wrote to memory of 4340	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	105
PID 4360 wrote to memory of 4340	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	105
PID 4360 wrote to memory of 3044	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	106
PID 4360 wrote to memory of 3044	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	106
PID 4360 wrote to memory of 2748	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	107
PID 4360 wrote to memory of 2748	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	107
PID 4360 wrote to memory of 3212	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	108
PID 4360 wrote to memory of 3212	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	108
PID 4360 wrote to memory of 4460	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	109
PID 4360 wrote to memory of 4460	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	109
PID 4360 wrote to memory of 1812	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	110
PID 4360 wrote to memory of 1812	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	110
PID 4360 wrote to memory of 3504	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	111
PID 4360 wrote to memory of 3504	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	111
PID 4360 wrote to memory of 2408	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	112
PID 4360 wrote to memory of 2408	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	112
PID 4360 wrote to memory of 244	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	113
PID 4360 wrote to memory of 244	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	113
PID 4360 wrote to memory of 3420	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	114
PID 4360 wrote to memory of 3420	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	114
PID 4360 wrote to memory of 3492	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	115
PID 4360 wrote to memory of 3492	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	115
PID 4360 wrote to memory of 3036	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	116
PID 4360 wrote to memory of 3036	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	116
PID 4360 wrote to memory of 4896	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	117
PID 4360 wrote to memory of 4896	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	117
PID 4360 wrote to memory of 448	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	118
PID 4360 wrote to memory of 448	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	118
PID 4360 wrote to memory of 4504	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	119
PID 4360 wrote to memory of 4504	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	119
PID 4360 wrote to memory of 1472	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	120
PID 4360 wrote to memory of 1472	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	120
PID 4360 wrote to memory of 5048	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	121
PID 4360 wrote to memory of 5048	4360	00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe	121

C:\Users\Admin\AppData\Local\Temp\00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\00b18acf940a7218f88a55e516943d59_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:4360
- C:\Windows\System32\XBgxOjz.exe
  C:\Windows\System32\XBgxOjz.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System32\YZHqaXH.exe
  C:\Windows\System32\YZHqaXH.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System32\yzdLHHt.exe
  C:\Windows\System32\yzdLHHt.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System32\blibXGy.exe
  C:\Windows\System32\blibXGy.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System32\njZdiya.exe
  C:\Windows\System32\njZdiya.exe
  2⤵
  - Executes dropped EXE
  PID:4708
- C:\Windows\System32\dAmHADr.exe
  C:\Windows\System32\dAmHADr.exe
  2⤵
  - Executes dropped EXE
  PID:4112
- C:\Windows\System32\KUCdISM.exe
  C:\Windows\System32\KUCdISM.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System32\ypZLzKF.exe
  C:\Windows\System32\ypZLzKF.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System32\LTFcYRs.exe
  C:\Windows\System32\LTFcYRs.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System32\BIZGBBl.exe
  C:\Windows\System32\BIZGBBl.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System32\aIuRtEp.exe
  C:\Windows\System32\aIuRtEp.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System32\KqUucJi.exe
  C:\Windows\System32\KqUucJi.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System32\odkMcWW.exe
  C:\Windows\System32\odkMcWW.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System32\BzRvuBb.exe
  C:\Windows\System32\BzRvuBb.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System32\fPUuQra.exe
  C:\Windows\System32\fPUuQra.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System32\vajoSau.exe
  C:\Windows\System32\vajoSau.exe
  2⤵
  - Executes dropped EXE
  PID:4340
- C:\Windows\System32\QNOAafO.exe
  C:\Windows\System32\QNOAafO.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System32\cqyWOJP.exe
  C:\Windows\System32\cqyWOJP.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System32\aSsfCDh.exe
  C:\Windows\System32\aSsfCDh.exe
  2⤵
  - Executes dropped EXE
  PID:3212
- C:\Windows\System32\cPTUwcu.exe
  C:\Windows\System32\cPTUwcu.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System32\WJKAKPN.exe
  C:\Windows\System32\WJKAKPN.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System32\LzWWFvn.exe
  C:\Windows\System32\LzWWFvn.exe
  2⤵
  - Executes dropped EXE
  PID:3504
- C:\Windows\System32\xJJmGQG.exe
  C:\Windows\System32\xJJmGQG.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System32\ofQUXIK.exe
  C:\Windows\System32\ofQUXIK.exe
  2⤵
  - Executes dropped EXE
  PID:244
- C:\Windows\System32\uOaSrao.exe
  C:\Windows\System32\uOaSrao.exe
  2⤵
  - Executes dropped EXE
  PID:3420
- C:\Windows\System32\wXqQtnQ.exe
  C:\Windows\System32\wXqQtnQ.exe
  2⤵
  - Executes dropped EXE
  PID:3492
- C:\Windows\System32\KCobfjY.exe
  C:\Windows\System32\KCobfjY.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System32\pqCRtBS.exe
  C:\Windows\System32\pqCRtBS.exe
  2⤵
  - Executes dropped EXE
  PID:4896
- C:\Windows\System32\aBPyCHv.exe
  C:\Windows\System32\aBPyCHv.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System32\tnuFGyV.exe
  C:\Windows\System32\tnuFGyV.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Windows\System32\WROfixU.exe
  C:\Windows\System32\WROfixU.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System32\FHhGSoK.exe
  C:\Windows\System32\FHhGSoK.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System32\JxQnuoW.exe
  C:\Windows\System32\JxQnuoW.exe
  2⤵
  - Executes dropped EXE
  PID:3416
- C:\Windows\System32\YeCMGmS.exe
  C:\Windows\System32\YeCMGmS.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System32\BSKaTsr.exe
  C:\Windows\System32\BSKaTsr.exe
  2⤵
  - Executes dropped EXE
  PID:3956
- C:\Windows\System32\xLHfTuJ.exe
  C:\Windows\System32\xLHfTuJ.exe
  2⤵
  - Executes dropped EXE
  PID:4664
- C:\Windows\System32\NvLzjiP.exe
  C:\Windows\System32\NvLzjiP.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System32\JwdOcNH.exe
  C:\Windows\System32\JwdOcNH.exe
  2⤵
  - Executes dropped EXE
  PID:3348
- C:\Windows\System32\lEMPQWX.exe
  C:\Windows\System32\lEMPQWX.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System32\RETNSaY.exe
  C:\Windows\System32\RETNSaY.exe
  2⤵
  - Executes dropped EXE
  PID:5008
- C:\Windows\System32\PuvNXqE.exe
  C:\Windows\System32\PuvNXqE.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System32\ZNusIya.exe
  C:\Windows\System32\ZNusIya.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System32\hOUVBmP.exe
  C:\Windows\System32\hOUVBmP.exe
  2⤵
  - Executes dropped EXE
  PID:3792
- C:\Windows\System32\TJAGAPy.exe
  C:\Windows\System32\TJAGAPy.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System32\QJvWlpV.exe
  C:\Windows\System32\QJvWlpV.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System32\gxQBHuB.exe
  C:\Windows\System32\gxQBHuB.exe
  2⤵
  - Executes dropped EXE
  PID:4060
- C:\Windows\System32\eXWRYBY.exe
  C:\Windows\System32\eXWRYBY.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System32\TZLEakr.exe
  C:\Windows\System32\TZLEakr.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System32\lqMZUdk.exe
  C:\Windows\System32\lqMZUdk.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System32\Klqdpvb.exe
  C:\Windows\System32\Klqdpvb.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System32\PbFFuzw.exe
  C:\Windows\System32\PbFFuzw.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System32\RWgQxeF.exe
  C:\Windows\System32\RWgQxeF.exe
  2⤵
  - Executes dropped EXE
  PID:516
- C:\Windows\System32\qxdnDFg.exe
  C:\Windows\System32\qxdnDFg.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System32\yOTnSjv.exe
  C:\Windows\System32\yOTnSjv.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System32\BJoHOOq.exe
  C:\Windows\System32\BJoHOOq.exe
  2⤵
  - Executes dropped EXE
  PID:4428
- C:\Windows\System32\rnanZHo.exe
  C:\Windows\System32\rnanZHo.exe
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\System32\wwssEaL.exe
  C:\Windows\System32\wwssEaL.exe
  2⤵
  - Executes dropped EXE
  PID:4624
- C:\Windows\System32\psCHreh.exe
  C:\Windows\System32\psCHreh.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System32\vnWbnSP.exe
  C:\Windows\System32\vnWbnSP.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System32\lIBPazR.exe
  C:\Windows\System32\lIBPazR.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System32\GzyFmum.exe
  C:\Windows\System32\GzyFmum.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System32\BizmuNS.exe
  C:\Windows\System32\BizmuNS.exe
  2⤵
  - Executes dropped EXE
  PID:116
- C:\Windows\System32\vmkUrBt.exe
  C:\Windows\System32\vmkUrBt.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System32\TOqAroZ.exe
  C:\Windows\System32\TOqAroZ.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System32\ZjCnBxc.exe
  C:\Windows\System32\ZjCnBxc.exe
  2⤵
  PID:4808
- C:\Windows\System32\IEWGmHH.exe
  C:\Windows\System32\IEWGmHH.exe
  2⤵
  PID:864
- C:\Windows\System32\qpLZCfd.exe
  C:\Windows\System32\qpLZCfd.exe
  2⤵
  PID:3468
- C:\Windows\System32\kDEyBzP.exe
  C:\Windows\System32\kDEyBzP.exe
  2⤵
  PID:4436
- C:\Windows\System32\NaMkePo.exe
  C:\Windows\System32\NaMkePo.exe
  2⤵
  PID:1940
- C:\Windows\System32\zBWnwfq.exe
  C:\Windows\System32\zBWnwfq.exe
  2⤵
  PID:3980
- C:\Windows\System32\xjjBuFo.exe
  C:\Windows\System32\xjjBuFo.exe
  2⤵
  PID:4056
- C:\Windows\System32\YpbVjPa.exe
  C:\Windows\System32\YpbVjPa.exe
  2⤵
  PID:2244
- C:\Windows\System32\FgWKCwQ.exe
  C:\Windows\System32\FgWKCwQ.exe
  2⤵
  PID:1936
- C:\Windows\System32\MUQVOzM.exe
  C:\Windows\System32\MUQVOzM.exe
  2⤵
  PID:1908
- C:\Windows\System32\WmZhGNV.exe
  C:\Windows\System32\WmZhGNV.exe
  2⤵
  PID:2696
- C:\Windows\System32\VyyzFcY.exe
  C:\Windows\System32\VyyzFcY.exe
  2⤵
  PID:4068
- C:\Windows\System32\xKzVxzg.exe
  C:\Windows\System32\xKzVxzg.exe
  2⤵
  PID:5240
- C:\Windows\System32\qRnSswM.exe
  C:\Windows\System32\qRnSswM.exe
  2⤵
  PID:5264
- C:\Windows\System32\ZbGMGJg.exe
  C:\Windows\System32\ZbGMGJg.exe
  2⤵
  PID:5288
- C:\Windows\System32\mEreCVS.exe
  C:\Windows\System32\mEreCVS.exe
  2⤵
  PID:5308
- C:\Windows\System32\ZykVaug.exe
  C:\Windows\System32\ZykVaug.exe
  2⤵
  PID:5324
- C:\Windows\System32\IzTLGJJ.exe
  C:\Windows\System32\IzTLGJJ.exe
  2⤵
  PID:5376
- C:\Windows\System32\gTBdHoc.exe
  C:\Windows\System32\gTBdHoc.exe
  2⤵
  PID:5396
- C:\Windows\System32\yJTsfzi.exe
  C:\Windows\System32\yJTsfzi.exe
  2⤵
  PID:5412
- C:\Windows\System32\qrUUkPQ.exe
  C:\Windows\System32\qrUUkPQ.exe
  2⤵
  PID:5428
- C:\Windows\System32\VWmtpor.exe
  C:\Windows\System32\VWmtpor.exe
  2⤵
  PID:5444
- C:\Windows\System32\NEMWlBA.exe
  C:\Windows\System32\NEMWlBA.exe
  2⤵
  PID:5460
- C:\Windows\System32\RMzTHoM.exe
  C:\Windows\System32\RMzTHoM.exe
  2⤵
  PID:5480
- C:\Windows\System32\wHkreSZ.exe
  C:\Windows\System32\wHkreSZ.exe
  2⤵
  PID:5524
- C:\Windows\System32\cMSRDWO.exe
  C:\Windows\System32\cMSRDWO.exe
  2⤵
  PID:5628
- C:\Windows\System32\IWtBmRU.exe
  C:\Windows\System32\IWtBmRU.exe
  2⤵
  PID:5652
- C:\Windows\System32\gVxzbzR.exe
  C:\Windows\System32\gVxzbzR.exe
  2⤵
  PID:5668
- C:\Windows\System32\zErbzUb.exe
  C:\Windows\System32\zErbzUb.exe
  2⤵
  PID:5688
- C:\Windows\System32\rRlckKl.exe
  C:\Windows\System32\rRlckKl.exe
  2⤵
  PID:5704
- C:\Windows\System32\TcVvAAK.exe
  C:\Windows\System32\TcVvAAK.exe
  2⤵
  PID:5720
- C:\Windows\System32\bYyYZqi.exe
  C:\Windows\System32\bYyYZqi.exe
  2⤵
  PID:5740
- C:\Windows\System32\YbMFjiS.exe
  C:\Windows\System32\YbMFjiS.exe
  2⤵
  PID:5768
- C:\Windows\System32\iWSVUPr.exe
  C:\Windows\System32\iWSVUPr.exe
  2⤵
  PID:5788
- C:\Windows\System32\qFAdVlP.exe
  C:\Windows\System32\qFAdVlP.exe
  2⤵
  PID:5804
- C:\Windows\System32\KAsiVTm.exe
  C:\Windows\System32\KAsiVTm.exe
  2⤵
  PID:5820
- C:\Windows\System32\mAfRnCV.exe
  C:\Windows\System32\mAfRnCV.exe
  2⤵
  PID:5840
- C:\Windows\System32\oTPWeoO.exe
  C:\Windows\System32\oTPWeoO.exe
  2⤵
  PID:5948
- C:\Windows\System32\DsiAlUl.exe
  C:\Windows\System32\DsiAlUl.exe
  2⤵
  PID:5968
- C:\Windows\System32\PAFLIMe.exe
  C:\Windows\System32\PAFLIMe.exe
  2⤵
  PID:5988
- C:\Windows\System32\vNZItGR.exe
  C:\Windows\System32\vNZItGR.exe
  2⤵
  PID:6004
- C:\Windows\System32\DDXuwHw.exe
  C:\Windows\System32\DDXuwHw.exe
  2⤵
  PID:6024
- C:\Windows\System32\hSloqdL.exe
  C:\Windows\System32\hSloqdL.exe
  2⤵
  PID:6040
- C:\Windows\System32\AarFEFC.exe
  C:\Windows\System32\AarFEFC.exe
  2⤵
  PID:6124
- C:\Windows\System32\WDOYlAg.exe
  C:\Windows\System32\WDOYlAg.exe
  2⤵
  PID:5108
- C:\Windows\System32\IIOOQzg.exe
  C:\Windows\System32\IIOOQzg.exe
  2⤵
  PID:512
- C:\Windows\System32\IifqgjR.exe
  C:\Windows\System32\IifqgjR.exe
  2⤵
  PID:5256
- C:\Windows\System32\dxlxruW.exe
  C:\Windows\System32\dxlxruW.exe
  2⤵
  PID:5360
- C:\Windows\System32\quGyIcN.exe
  C:\Windows\System32\quGyIcN.exe
  2⤵
  PID:5280
- C:\Windows\System32\TuicUUR.exe
  C:\Windows\System32\TuicUUR.exe
  2⤵
  PID:5404
- C:\Windows\System32\epeshxI.exe
  C:\Windows\System32\epeshxI.exe
  2⤵
  PID:2316
- C:\Windows\System32\PrvzpdF.exe
  C:\Windows\System32\PrvzpdF.exe
  2⤵
  PID:5584
- C:\Windows\System32\mmdqSMq.exe
  C:\Windows\System32\mmdqSMq.exe
  2⤵
  PID:5384
- C:\Windows\System32\ItiePzm.exe
  C:\Windows\System32\ItiePzm.exe
  2⤵
  PID:5732
- C:\Windows\System32\DZohTeG.exe
  C:\Windows\System32\DZohTeG.exe
  2⤵
  PID:812
- C:\Windows\System32\tcQHfIv.exe
  C:\Windows\System32\tcQHfIv.exe
  2⤵
  PID:5816
- C:\Windows\System32\dbbLexH.exe
  C:\Windows\System32\dbbLexH.exe
  2⤵
  PID:5848
- C:\Windows\System32\sIZfVDW.exe
  C:\Windows\System32\sIZfVDW.exe
  2⤵
  PID:5964
- C:\Windows\System32\IGFVNqF.exe
  C:\Windows\System32\IGFVNqF.exe
  2⤵
  PID:612
- C:\Windows\System32\GplJXbD.exe
  C:\Windows\System32\GplJXbD.exe
  2⤵
  PID:220
- C:\Windows\System32\EOlsKQz.exe
  C:\Windows\System32\EOlsKQz.exe
  2⤵
  PID:2360
- C:\Windows\System32\CpbysPT.exe
  C:\Windows\System32\CpbysPT.exe
  2⤵
  PID:5300
- C:\Windows\System32\sUtovgE.exe
  C:\Windows\System32\sUtovgE.exe
  2⤵
  PID:5316
- C:\Windows\System32\YaEgixT.exe
  C:\Windows\System32\YaEgixT.exe
  2⤵
  PID:624
- C:\Windows\System32\YceMrsU.exe
  C:\Windows\System32\YceMrsU.exe
  2⤵
  PID:5424
- C:\Windows\System32\OPZMSeI.exe
  C:\Windows\System32\OPZMSeI.exe
  2⤵
  PID:5340
- C:\Windows\System32\dwNVOdq.exe
  C:\Windows\System32\dwNVOdq.exe
  2⤵
  PID:5980
- C:\Windows\System32\FqLfAjk.exe
  C:\Windows\System32\FqLfAjk.exe
  2⤵
  PID:5932
- C:\Windows\System32\iZGVues.exe
  C:\Windows\System32\iZGVues.exe
  2⤵
  PID:3384
- C:\Windows\System32\OcDPeex.exe
  C:\Windows\System32\OcDPeex.exe
  2⤵
  PID:1660
- C:\Windows\System32\RAOwyFU.exe
  C:\Windows\System32\RAOwyFU.exe
  2⤵
  PID:3644
- C:\Windows\System32\ThJUfFY.exe
  C:\Windows\System32\ThJUfFY.exe
  2⤵
  PID:4456
- C:\Windows\System32\gQkifiP.exe
  C:\Windows\System32\gQkifiP.exe
  2⤵
  PID:2684
- C:\Windows\System32\pvLtPPx.exe
  C:\Windows\System32\pvLtPPx.exe
  2⤵
  PID:4444
- C:\Windows\System32\aFbuUHU.exe
  C:\Windows\System32\aFbuUHU.exe
  2⤵
  PID:4992
- C:\Windows\System32\ckSQlga.exe
  C:\Windows\System32\ckSQlga.exe
  2⤵
  PID:4824
- C:\Windows\System32\djNOLPU.exe
  C:\Windows\System32\djNOLPU.exe
  2⤵
  PID:3920
- C:\Windows\System32\pGWgozp.exe
  C:\Windows\System32\pGWgozp.exe
  2⤵
  PID:5476
- C:\Windows\System32\fVGQrbx.exe
  C:\Windows\System32\fVGQrbx.exe
  2⤵
  PID:2468
- C:\Windows\System32\EmkRXrH.exe
  C:\Windows\System32\EmkRXrH.exe
  2⤵
  PID:5436
- C:\Windows\System32\bqUWXxh.exe
  C:\Windows\System32\bqUWXxh.exe
  2⤵
  PID:6160
- C:\Windows\System32\GTbiKTU.exe
  C:\Windows\System32\GTbiKTU.exe
  2⤵
  PID:6200
- C:\Windows\System32\BBZApTB.exe
  C:\Windows\System32\BBZApTB.exe
  2⤵
  PID:6224
- C:\Windows\System32\FdBGoiJ.exe
  C:\Windows\System32\FdBGoiJ.exe
  2⤵
  PID:6240
- C:\Windows\System32\hWzJwtl.exe
  C:\Windows\System32\hWzJwtl.exe
  2⤵
  PID:6256
- C:\Windows\System32\fDwHXMX.exe
  C:\Windows\System32\fDwHXMX.exe
  2⤵
  PID:6280
- C:\Windows\System32\pMwmqTG.exe
  C:\Windows\System32\pMwmqTG.exe
  2⤵
  PID:6320
- C:\Windows\System32\txNTzGz.exe
  C:\Windows\System32\txNTzGz.exe
  2⤵
  PID:6340
- C:\Windows\System32\ffgHrPn.exe
  C:\Windows\System32\ffgHrPn.exe
  2⤵
  PID:6356
- C:\Windows\System32\WGHwJHt.exe
  C:\Windows\System32\WGHwJHt.exe
  2⤵
  PID:6424
- C:\Windows\System32\YbxhlAk.exe
  C:\Windows\System32\YbxhlAk.exe
  2⤵
  PID:6444
- C:\Windows\System32\PzqzLFR.exe
  C:\Windows\System32\PzqzLFR.exe
  2⤵
  PID:6484
- C:\Windows\System32\CGeapXV.exe
  C:\Windows\System32\CGeapXV.exe
  2⤵
  PID:6520
- C:\Windows\System32\RtOZRfD.exe
  C:\Windows\System32\RtOZRfD.exe
  2⤵
  PID:6540
- C:\Windows\System32\IJhWQXQ.exe
  C:\Windows\System32\IJhWQXQ.exe
  2⤵
  PID:6556
- C:\Windows\System32\IGCXJOI.exe
  C:\Windows\System32\IGCXJOI.exe
  2⤵
  PID:6572
- C:\Windows\System32\SbLWqBe.exe
  C:\Windows\System32\SbLWqBe.exe
  2⤵
  PID:6592
- C:\Windows\System32\KdFLnrO.exe
  C:\Windows\System32\KdFLnrO.exe
  2⤵
  PID:6652
- C:\Windows\System32\DMdBCPC.exe
  C:\Windows\System32\DMdBCPC.exe
  2⤵
  PID:6716
- C:\Windows\System32\TSmDavO.exe
  C:\Windows\System32\TSmDavO.exe
  2⤵
  PID:6732
- C:\Windows\System32\WEkIsYA.exe
  C:\Windows\System32\WEkIsYA.exe
  2⤵
  PID:6748
- C:\Windows\System32\jVrWmUI.exe
  C:\Windows\System32\jVrWmUI.exe
  2⤵
  PID:6768
- C:\Windows\System32\Fiupdxi.exe
  C:\Windows\System32\Fiupdxi.exe
  2⤵
  PID:6784
- C:\Windows\System32\sUajffp.exe
  C:\Windows\System32\sUajffp.exe
  2⤵
  PID:6800
- C:\Windows\System32\wOkzVrG.exe
  C:\Windows\System32\wOkzVrG.exe
  2⤵
  PID:6828
- C:\Windows\System32\TNftySc.exe
  C:\Windows\System32\TNftySc.exe
  2⤵
  PID:6844
- C:\Windows\System32\cjlAJbU.exe
  C:\Windows\System32\cjlAJbU.exe
  2⤵
  PID:6864
- C:\Windows\System32\dhjDwPB.exe
  C:\Windows\System32\dhjDwPB.exe
  2⤵
  PID:6880
- C:\Windows\System32\DosepId.exe
  C:\Windows\System32\DosepId.exe
  2⤵
  PID:6932
- C:\Windows\System32\MWHdzkf.exe
  C:\Windows\System32\MWHdzkf.exe
  2⤵
  PID:7028
- C:\Windows\System32\SUOGWlK.exe
  C:\Windows\System32\SUOGWlK.exe
  2⤵
  PID:7048
- C:\Windows\System32\qEfuYzG.exe
  C:\Windows\System32\qEfuYzG.exe
  2⤵
  PID:7072
- C:\Windows\System32\wlgBbry.exe
  C:\Windows\System32\wlgBbry.exe
  2⤵
  PID:7152
- C:\Windows\System32\PWODGnZ.exe
  C:\Windows\System32\PWODGnZ.exe
  2⤵
  PID:4008
- C:\Windows\System32\gHiLhFB.exe
  C:\Windows\System32\gHiLhFB.exe
  2⤵
  PID:2204
- C:\Windows\System32\SaIBItY.exe
  C:\Windows\System32\SaIBItY.exe
  2⤵
  PID:6176
- C:\Windows\System32\ljuViRx.exe
  C:\Windows\System32\ljuViRx.exe
  2⤵
  PID:6188
- C:\Windows\System32\SpPwnQy.exe
  C:\Windows\System32\SpPwnQy.exe
  2⤵
  PID:6264
- C:\Windows\System32\NKdBkJy.exe
  C:\Windows\System32\NKdBkJy.exe
  2⤵
  PID:6372
- C:\Windows\System32\uhmcaDM.exe
  C:\Windows\System32\uhmcaDM.exe
  2⤵
  PID:6440
- C:\Windows\System32\WnYNOHC.exe
  C:\Windows\System32\WnYNOHC.exe
  2⤵
  PID:6432
- C:\Windows\System32\JQHcozM.exe
  C:\Windows\System32\JQHcozM.exe
  2⤵
  PID:6496
- C:\Windows\System32\PZnfBVh.exe
  C:\Windows\System32\PZnfBVh.exe
  2⤵
  PID:6588
- C:\Windows\System32\UXDHrbo.exe
  C:\Windows\System32\UXDHrbo.exe
  2⤵
  PID:6628
- C:\Windows\System32\lcYTWId.exe
  C:\Windows\System32\lcYTWId.exe
  2⤵
  PID:6892
- C:\Windows\System32\iGQZAGb.exe
  C:\Windows\System32\iGQZAGb.exe
  2⤵
  PID:6756
- C:\Windows\System32\WbAvAul.exe
  C:\Windows\System32\WbAvAul.exe
  2⤵
  PID:3932
- C:\Windows\System32\guaGaMI.exe
  C:\Windows\System32\guaGaMI.exe
  2⤵
  PID:6888
- C:\Windows\System32\TvrNAGs.exe
  C:\Windows\System32\TvrNAGs.exe
  2⤵
  PID:6816
- C:\Windows\System32\UDwzHfr.exe
  C:\Windows\System32\UDwzHfr.exe
  2⤵
  PID:6972
- C:\Windows\System32\bTiGCMp.exe
  C:\Windows\System32\bTiGCMp.exe
  2⤵
  PID:6776
- C:\Windows\System32\HsgIbvI.exe
  C:\Windows\System32\HsgIbvI.exe
  2⤵
  PID:6924
- C:\Windows\System32\dnkbLAq.exe
  C:\Windows\System32\dnkbLAq.exe
  2⤵
  PID:6960
- C:\Windows\System32\aYuWAuL.exe
  C:\Windows\System32\aYuWAuL.exe
  2⤵
  PID:7012
- C:\Windows\System32\ucHXRFf.exe
  C:\Windows\System32\ucHXRFf.exe
  2⤵
  PID:4192
- C:\Windows\System32\KRaoMek.exe
  C:\Windows\System32\KRaoMek.exe
  2⤵
  PID:5780
- C:\Windows\System32\AqRKKRa.exe
  C:\Windows\System32\AqRKKRa.exe
  2⤵
  PID:6288
- C:\Windows\System32\BLpWVlE.exe
  C:\Windows\System32\BLpWVlE.exe
  2⤵
  PID:6388
- C:\Windows\System32\HUVpjAs.exe
  C:\Windows\System32\HUVpjAs.exe
  2⤵
  PID:6468
- C:\Windows\System32\EojzExL.exe
  C:\Windows\System32\EojzExL.exe
  2⤵
  PID:6528
- C:\Windows\System32\rlHJVoe.exe
  C:\Windows\System32\rlHJVoe.exe
  2⤵
  PID:5684
- C:\Windows\System32\HFPRXCp.exe
  C:\Windows\System32\HFPRXCp.exe
  2⤵
  PID:5248
- C:\Windows\System32\CaQgqRR.exe
  C:\Windows\System32\CaQgqRR.exe
  2⤵
  PID:6984
- C:\Windows\System32\poXlEmm.exe
  C:\Windows\System32\poXlEmm.exe
  2⤵
  PID:7060
- C:\Windows\System32\xfWpEIR.exe
  C:\Windows\System32\xfWpEIR.exe
  2⤵
  PID:3616
- C:\Windows\System32\zwfjbHY.exe
  C:\Windows\System32\zwfjbHY.exe
  2⤵
  PID:6836
- C:\Windows\System32\psJwLIE.exe
  C:\Windows\System32\psJwLIE.exe
  2⤵
  PID:6956
- C:\Windows\System32\wnooMdN.exe
  C:\Windows\System32\wnooMdN.exe
  2⤵
  PID:6660
- C:\Windows\System32\vxZnUln.exe
  C:\Windows\System32\vxZnUln.exe
  2⤵
  PID:5096
- C:\Windows\System32\uuLxopW.exe
  C:\Windows\System32\uuLxopW.exe
  2⤵
  PID:6516
- C:\Windows\System32\dTfMxRX.exe
  C:\Windows\System32\dTfMxRX.exe
  2⤵
  PID:6636
- C:\Windows\System32\nuXNYKw.exe
  C:\Windows\System32\nuXNYKw.exe
  2⤵
  PID:5332
- C:\Windows\System32\fMCzPbT.exe
  C:\Windows\System32\fMCzPbT.exe
  2⤵
  PID:6744
- C:\Windows\System32\ikvvMxm.exe
  C:\Windows\System32\ikvvMxm.exe
  2⤵
  PID:7080
- C:\Windows\System32\uMdWtNX.exe
  C:\Windows\System32\uMdWtNX.exe
  2⤵
  PID:7184
- C:\Windows\System32\bChqHDY.exe
  C:\Windows\System32\bChqHDY.exe
  2⤵
  PID:7232
- C:\Windows\System32\IFBmAso.exe
  C:\Windows\System32\IFBmAso.exe
  2⤵
  PID:7300
- C:\Windows\System32\EIUmUMO.exe
  C:\Windows\System32\EIUmUMO.exe
  2⤵
  PID:7320
- C:\Windows\System32\mQDprKG.exe
  C:\Windows\System32\mQDprKG.exe
  2⤵
  PID:7340
- C:\Windows\System32\DMGQecr.exe
  C:\Windows\System32\DMGQecr.exe
  2⤵
  PID:7364
- C:\Windows\System32\SxTasnl.exe
  C:\Windows\System32\SxTasnl.exe
  2⤵
  PID:7468
- C:\Windows\System32\sJczOZp.exe
  C:\Windows\System32\sJczOZp.exe
  2⤵
  PID:7540
- C:\Windows\System32\aPSOpAd.exe
  C:\Windows\System32\aPSOpAd.exe
  2⤵
  PID:7556
- C:\Windows\System32\ujlYizW.exe
  C:\Windows\System32\ujlYizW.exe
  2⤵
  PID:7572
- C:\Windows\System32\hNwZJNA.exe
  C:\Windows\System32\hNwZJNA.exe
  2⤵
  PID:7592
- C:\Windows\System32\rZZgQsb.exe
  C:\Windows\System32\rZZgQsb.exe
  2⤵
  PID:7652
- C:\Windows\System32\rGXFHfE.exe
  C:\Windows\System32\rGXFHfE.exe
  2⤵
  PID:7700
- C:\Windows\System32\MVrwapV.exe
  C:\Windows\System32\MVrwapV.exe
  2⤵
  PID:7724
- C:\Windows\System32\axxgQfz.exe
  C:\Windows\System32\axxgQfz.exe
  2⤵
  PID:7744
- C:\Windows\System32\fnLUggt.exe
  C:\Windows\System32\fnLUggt.exe
  2⤵
  PID:7800
- C:\Windows\System32\psQpfvf.exe
  C:\Windows\System32\psQpfvf.exe
  2⤵
  PID:7816
- C:\Windows\System32\fjZYRhE.exe
  C:\Windows\System32\fjZYRhE.exe
  2⤵
  PID:7836
- C:\Windows\System32\vueRVPP.exe
  C:\Windows\System32\vueRVPP.exe
  2⤵
  PID:7852
- C:\Windows\System32\OWobRdZ.exe
  C:\Windows\System32\OWobRdZ.exe
  2⤵
  PID:7868
- C:\Windows\System32\BrXSXDT.exe
  C:\Windows\System32\BrXSXDT.exe
  2⤵
  PID:7892
- C:\Windows\System32\aAJFVhj.exe
  C:\Windows\System32\aAJFVhj.exe
  2⤵
  PID:7924
- C:\Windows\System32\fRtcFHG.exe
  C:\Windows\System32\fRtcFHG.exe
  2⤵
  PID:7988
- C:\Windows\System32\lrVMKcC.exe
  C:\Windows\System32\lrVMKcC.exe
  2⤵
  PID:8032
- C:\Windows\System32\FuOQyIU.exe
  C:\Windows\System32\FuOQyIU.exe
  2⤵
  PID:8052
- C:\Windows\System32\iXqDRQv.exe
  C:\Windows\System32\iXqDRQv.exe
  2⤵
  PID:8072
- C:\Windows\System32\OANWWMy.exe
  C:\Windows\System32\OANWWMy.exe
  2⤵
  PID:8088
- C:\Windows\System32\ZnVlJZF.exe
  C:\Windows\System32\ZnVlJZF.exe
  2⤵
  PID:8104
- C:\Windows\System32\EqYNPZF.exe
  C:\Windows\System32\EqYNPZF.exe
  2⤵
  PID:8152
- C:\Windows\System32\SfkKyEG.exe
  C:\Windows\System32\SfkKyEG.exe
  2⤵
  PID:8172
- C:\Windows\System32\YmaSSWI.exe
  C:\Windows\System32\YmaSSWI.exe
  2⤵
  PID:8188
- C:\Windows\System32\tbJizJA.exe
  C:\Windows\System32\tbJizJA.exe
  2⤵
  PID:5556
- C:\Windows\System32\FwIuFdS.exe
  C:\Windows\System32\FwIuFdS.exe
  2⤵
  PID:3300
- C:\Windows\System32\WIroGLB.exe
  C:\Windows\System32\WIroGLB.exe
  2⤵
  PID:6436
- C:\Windows\System32\EvTwbuF.exe
  C:\Windows\System32\EvTwbuF.exe
  2⤵
  PID:7316
- C:\Windows\System32\UKvbzZj.exe
  C:\Windows\System32\UKvbzZj.exe
  2⤵
  PID:7308
- C:\Windows\System32\wpVJlNT.exe
  C:\Windows\System32\wpVJlNT.exe
  2⤵
  PID:7376
- C:\Windows\System32\XiEZPBW.exe
  C:\Windows\System32\XiEZPBW.exe
  2⤵
  PID:7528
- C:\Windows\System32\TRqhXAH.exe
  C:\Windows\System32\TRqhXAH.exe
  2⤵
  PID:7580
- C:\Windows\System32\sDfXdSc.exe
  C:\Windows\System32\sDfXdSc.exe
  2⤵
  PID:7740
- C:\Windows\System32\cXLfriO.exe
  C:\Windows\System32\cXLfriO.exe
  2⤵
  PID:7720
- C:\Windows\System32\aTCRIwU.exe
  C:\Windows\System32\aTCRIwU.exe
  2⤵
  PID:7784
- C:\Windows\System32\rSaidsC.exe
  C:\Windows\System32\rSaidsC.exe
  2⤵
  PID:7824
- C:\Windows\System32\azHwDuh.exe
  C:\Windows\System32\azHwDuh.exe
  2⤵
  PID:7908
- C:\Windows\System32\fphRzEf.exe
  C:\Windows\System32\fphRzEf.exe
  2⤵
  PID:7864
- C:\Windows\System32\DSCpGQV.exe
  C:\Windows\System32\DSCpGQV.exe
  2⤵
  PID:7944
- C:\Windows\System32\ADXVcPZ.exe
  C:\Windows\System32\ADXVcPZ.exe
  2⤵
  PID:7932
- C:\Windows\System32\kTOgvig.exe
  C:\Windows\System32\kTOgvig.exe
  2⤵
  PID:8080
- C:\Windows\System32\sLXlGTB.exe
  C:\Windows\System32\sLXlGTB.exe
  2⤵
  PID:8048
- C:\Windows\System32\omKutJQ.exe
  C:\Windows\System32\omKutJQ.exe
  2⤵
  PID:5196
- C:\Windows\System32\UzlJAwh.exe
  C:\Windows\System32\UzlJAwh.exe
  2⤵
  PID:5800
- C:\Windows\System32\XmmNkBm.exe
  C:\Windows\System32\XmmNkBm.exe
  2⤵
  PID:7620
- C:\Windows\System32\JsvnMbq.exe
  C:\Windows\System32\JsvnMbq.exe
  2⤵
  PID:7568
- C:\Windows\System32\waDCWcC.exe
  C:\Windows\System32\waDCWcC.exe
  2⤵
  PID:7772
- C:\Windows\System32\QrFHLcp.exe
  C:\Windows\System32\QrFHLcp.exe
  2⤵
  PID:7672
- C:\Windows\System32\PYyEFKS.exe
  C:\Windows\System32\PYyEFKS.exe
  2⤵
  PID:7832
- C:\Windows\System32\rCJBiAE.exe
  C:\Windows\System32\rCJBiAE.exe
  2⤵
  PID:7884
- C:\Windows\System32\YPxZLJI.exe
  C:\Windows\System32\YPxZLJI.exe
  2⤵
  PID:8004
- C:\Windows\System32\scvmdjj.exe
  C:\Windows\System32\scvmdjj.exe
  2⤵
  PID:7328
- C:\Windows\System32\VgsBLut.exe
  C:\Windows\System32\VgsBLut.exe
  2⤵
  PID:7848
- C:\Windows\System32\aAaRAPs.exe
  C:\Windows\System32\aAaRAPs.exe
  2⤵
  PID:8008
- C:\Windows\System32\DfpXusb.exe
  C:\Windows\System32\DfpXusb.exe
  2⤵
  PID:8028
- C:\Windows\System32\TIFVGgs.exe
  C:\Windows\System32\TIFVGgs.exe
  2⤵
  PID:8196
- C:\Windows\System32\BiKkcGl.exe
  C:\Windows\System32\BiKkcGl.exe
  2⤵
  PID:8212
- C:\Windows\System32\bZJABpT.exe
  C:\Windows\System32\bZJABpT.exe
  2⤵
  PID:8260
- C:\Windows\System32\QoRFsJS.exe
  C:\Windows\System32\QoRFsJS.exe
  2⤵
  PID:8280
- C:\Windows\System32\BbPLLQt.exe
  C:\Windows\System32\BbPLLQt.exe
  2⤵
  PID:8376
- C:\Windows\System32\cQYqOew.exe
  C:\Windows\System32\cQYqOew.exe
  2⤵
  PID:8408
- C:\Windows\System32\MwvWVNH.exe
  C:\Windows\System32\MwvWVNH.exe
  2⤵
  PID:8424
- C:\Windows\System32\BOFBbkA.exe
  C:\Windows\System32\BOFBbkA.exe
  2⤵
  PID:8444
- C:\Windows\System32\mdlpFlM.exe
  C:\Windows\System32\mdlpFlM.exe
  2⤵
  PID:8468
- C:\Windows\System32\qAijGlD.exe
  C:\Windows\System32\qAijGlD.exe
  2⤵
  PID:8504
- C:\Windows\System32\waPRcjD.exe
  C:\Windows\System32\waPRcjD.exe
  2⤵
  PID:8568
- C:\Windows\System32\klPfAsa.exe
  C:\Windows\System32\klPfAsa.exe
  2⤵
  PID:8588
- C:\Windows\System32\KeMiTUO.exe
  C:\Windows\System32\KeMiTUO.exe
  2⤵
  PID:8608
- C:\Windows\System32\PncltQg.exe
  C:\Windows\System32\PncltQg.exe
  2⤵
  PID:8624
- C:\Windows\System32\ndKlItl.exe
  C:\Windows\System32\ndKlItl.exe
  2⤵
  PID:8652
- C:\Windows\System32\KJwdWZT.exe
  C:\Windows\System32\KJwdWZT.exe
  2⤵
  PID:8672
- C:\Windows\System32\oKYsNkI.exe
  C:\Windows\System32\oKYsNkI.exe
  2⤵
  PID:8688
- C:\Windows\System32\JZDBrbc.exe
  C:\Windows\System32\JZDBrbc.exe
  2⤵
  PID:8708
- C:\Windows\System32\tRMwvhb.exe
  C:\Windows\System32\tRMwvhb.exe
  2⤵
  PID:8724
- C:\Windows\System32\GmFBaje.exe
  C:\Windows\System32\GmFBaje.exe
  2⤵
  PID:8740
- C:\Windows\System32\hvbZCgk.exe
  C:\Windows\System32\hvbZCgk.exe
  2⤵
  PID:8756
- C:\Windows\System32\rMQNeKj.exe
  C:\Windows\System32\rMQNeKj.exe
  2⤵
  PID:8776
- C:\Windows\System32\dodgOtT.exe
  C:\Windows\System32\dodgOtT.exe
  2⤵
  PID:8816
- C:\Windows\System32\dweIEmC.exe
  C:\Windows\System32\dweIEmC.exe
  2⤵
  PID:8940
- C:\Windows\System32\yojCNKu.exe
  C:\Windows\System32\yojCNKu.exe
  2⤵
  PID:8984
- C:\Windows\System32\ycxqmoZ.exe
  C:\Windows\System32\ycxqmoZ.exe
  2⤵
  PID:9004
- C:\Windows\System32\BoWVzsl.exe
  C:\Windows\System32\BoWVzsl.exe
  2⤵
  PID:9032
- C:\Windows\System32\aOdjRAS.exe
  C:\Windows\System32\aOdjRAS.exe
  2⤵
  PID:9048
- C:\Windows\System32\ahxovRF.exe
  C:\Windows\System32\ahxovRF.exe
  2⤵
  PID:9068
- C:\Windows\System32\FIIpSGb.exe
  C:\Windows\System32\FIIpSGb.exe
  2⤵
  PID:9084
- C:\Windows\System32\wghAcBQ.exe
  C:\Windows\System32\wghAcBQ.exe
  2⤵
  PID:9108
- C:\Windows\System32\QweFSbV.exe
  C:\Windows\System32\QweFSbV.exe
  2⤵
  PID:9124
- C:\Windows\System32\TzOmoJy.exe
  C:\Windows\System32\TzOmoJy.exe
  2⤵
  PID:9144
- C:\Windows\System32\ccatHdt.exe
  C:\Windows\System32\ccatHdt.exe
  2⤵
  PID:9196
- C:\Windows\System32\ZrSnlMh.exe
  C:\Windows\System32\ZrSnlMh.exe
  2⤵
  PID:9212
- C:\Windows\System32\BbcUDId.exe
  C:\Windows\System32\BbcUDId.exe
  2⤵
  PID:8208
- C:\Windows\System32\KmJJwGL.exe
  C:\Windows\System32\KmJJwGL.exe
  2⤵
  PID:8096
- C:\Windows\System32\ynkpsdL.exe
  C:\Windows\System32\ynkpsdL.exe
  2⤵
  PID:8272
- C:\Windows\System32\vJomIhM.exe
  C:\Windows\System32\vJomIhM.exe
  2⤵
  PID:8300
- C:\Windows\System32\MCVJQMh.exe
  C:\Windows\System32\MCVJQMh.exe
  2⤵
  PID:8576
- C:\Windows\System32\vovwNPS.exe
  C:\Windows\System32\vovwNPS.exe
  2⤵
  PID:8704
- C:\Windows\System32\KqhMLPe.exe
  C:\Windows\System32\KqhMLPe.exe
  2⤵
  PID:8752
- C:\Windows\System32\zKXiUjw.exe
  C:\Windows\System32\zKXiUjw.exe
  2⤵
  PID:8736
- C:\Windows\System32\BViofEA.exe
  C:\Windows\System32\BViofEA.exe
  2⤵
  PID:8664
- C:\Windows\System32\zVAizyb.exe
  C:\Windows\System32\zVAizyb.exe
  2⤵
  PID:8844
- C:\Windows\System32\LwBNaSv.exe
  C:\Windows\System32\LwBNaSv.exe
  2⤵
  PID:8856
- C:\Windows\System32\kVpprYl.exe
  C:\Windows\System32\kVpprYl.exe
  2⤵
  PID:8896
- C:\Windows\System32\DijoYFg.exe
  C:\Windows\System32\DijoYFg.exe
  2⤵
  PID:9000
- C:\Windows\System32\QNmLRKP.exe
  C:\Windows\System32\QNmLRKP.exe
  2⤵
  PID:9020
- C:\Windows\System32\hPIsywS.exe
  C:\Windows\System32\hPIsywS.exe
  2⤵
  PID:9080
- C:\Windows\System32\DakWmUo.exe
  C:\Windows\System32\DakWmUo.exe
  2⤵
  PID:9132
- C:\Windows\System32\BmbscVk.exe
  C:\Windows\System32\BmbscVk.exe
  2⤵
  PID:9156
- C:\Windows\System32\kIKesSa.exe
  C:\Windows\System32\kIKesSa.exe
  2⤵
  PID:9176
- C:\Windows\System32\flSYkkB.exe
  C:\Windows\System32\flSYkkB.exe
  2⤵
  PID:7808
- C:\Windows\System32\pgARRJC.exe
  C:\Windows\System32\pgARRJC.exe
  2⤵
  PID:8224
- C:\Windows\System32\OMKkxwo.exe
  C:\Windows\System32\OMKkxwo.exe
  2⤵
  PID:8476
- C:\Windows\System32\EtOFQXp.exe
  C:\Windows\System32\EtOFQXp.exe
  2⤵
  PID:8824
- C:\Windows\System32\NdFGDim.exe
  C:\Windows\System32\NdFGDim.exe
  2⤵
  PID:9028
- C:\Windows\System32\ngwUKxt.exe
  C:\Windows\System32\ngwUKxt.exe
  2⤵
  PID:8996
- C:\Windows\System32\gBvpMtW.exe
  C:\Windows\System32\gBvpMtW.exe
  2⤵
  PID:8344
- C:\Windows\System32\TLMLmHI.exe
  C:\Windows\System32\TLMLmHI.exe
  2⤵
  PID:8292
- C:\Windows\System32\NHuBRvI.exe
  C:\Windows\System32\NHuBRvI.exe
  2⤵
  PID:9116
- C:\Windows\System32\YXsuQAt.exe
  C:\Windows\System32\YXsuQAt.exe
  2⤵
  PID:8236
- C:\Windows\System32\rRqbYhs.exe
  C:\Windows\System32\rRqbYhs.exe
  2⤵
  PID:8668
- C:\Windows\System32\caajfJg.exe
  C:\Windows\System32\caajfJg.exe
  2⤵
  PID:9244
- C:\Windows\System32\PsZmMhF.exe
  C:\Windows\System32\PsZmMhF.exe
  2⤵
  PID:9264
- C:\Windows\System32\HGAbSeI.exe
  C:\Windows\System32\HGAbSeI.exe
  2⤵
  PID:9288
- C:\Windows\System32\hcbzJTh.exe
  C:\Windows\System32\hcbzJTh.exe
  2⤵
  PID:9304
- C:\Windows\System32\MKhauJr.exe
  C:\Windows\System32\MKhauJr.exe
  2⤵
  PID:9320
- C:\Windows\System32\UvCVDfS.exe
  C:\Windows\System32\UvCVDfS.exe
  2⤵
  PID:9336
- C:\Windows\System32\XEMXqIg.exe
  C:\Windows\System32\XEMXqIg.exe
  2⤵
  PID:9408
- C:\Windows\System32\BMAsoqu.exe
  C:\Windows\System32\BMAsoqu.exe
  2⤵
  PID:9488
- C:\Windows\System32\PoQMsIL.exe
  C:\Windows\System32\PoQMsIL.exe
  2⤵
  PID:9508
- C:\Windows\System32\hAcVvzC.exe
  C:\Windows\System32\hAcVvzC.exe
  2⤵
  PID:9532
- C:\Windows\System32\MCrQooC.exe
  C:\Windows\System32\MCrQooC.exe
  2⤵
  PID:9552
- C:\Windows\System32\seVqJpu.exe
  C:\Windows\System32\seVqJpu.exe
  2⤵
  PID:9572
- C:\Windows\System32\uzHldBq.exe
  C:\Windows\System32\uzHldBq.exe
  2⤵
  PID:9588
- C:\Windows\System32\UPlWdIu.exe
  C:\Windows\System32\UPlWdIu.exe
  2⤵
  PID:9604
- C:\Windows\System32\TJjzwPB.exe
  C:\Windows\System32\TJjzwPB.exe
  2⤵
  PID:9620
- C:\Windows\System32\XdggHSn.exe
  C:\Windows\System32\XdggHSn.exe
  2⤵
  PID:9648
- C:\Windows\System32\UCkYNxU.exe
  C:\Windows\System32\UCkYNxU.exe
  2⤵
  PID:9672
- C:\Windows\System32\VrqbqtZ.exe
  C:\Windows\System32\VrqbqtZ.exe
  2⤵
  PID:9688
- C:\Windows\System32\vSvrzpR.exe
  C:\Windows\System32\vSvrzpR.exe
  2⤵
  PID:9704
- C:\Windows\System32\WfCkluZ.exe
  C:\Windows\System32\WfCkluZ.exe
  2⤵
  PID:9724
- C:\Windows\System32\CdEXMSV.exe
  C:\Windows\System32\CdEXMSV.exe
  2⤵
  PID:9740
- C:\Windows\System32\uQgGeDl.exe
  C:\Windows\System32\uQgGeDl.exe
  2⤵
  PID:9812
- C:\Windows\System32\pEQxhLD.exe
  C:\Windows\System32\pEQxhLD.exe
  2⤵
  PID:9832
- C:\Windows\System32\OxfFahD.exe
  C:\Windows\System32\OxfFahD.exe
  2⤵
  PID:9848
- C:\Windows\System32\ShnMMea.exe
  C:\Windows\System32\ShnMMea.exe
  2⤵
  PID:9916
- C:\Windows\System32\RxgxWdW.exe
  C:\Windows\System32\RxgxWdW.exe
  2⤵
  PID:9932
- C:\Windows\System32\vutMpzc.exe
  C:\Windows\System32\vutMpzc.exe
  2⤵
  PID:9952
- C:\Windows\System32\rcjLwEE.exe
  C:\Windows\System32\rcjLwEE.exe
  2⤵
  PID:10036
- C:\Windows\System32\saAHBJB.exe
  C:\Windows\System32\saAHBJB.exe
  2⤵
  PID:10052
- C:\Windows\System32\ZnWRObS.exe
  C:\Windows\System32\ZnWRObS.exe
  2⤵
  PID:10088
- C:\Windows\System32\wcTqExK.exe
  C:\Windows\System32\wcTqExK.exe
  2⤵
  PID:10104
- C:\Windows\System32\sRDJCIP.exe
  C:\Windows\System32\sRDJCIP.exe
  2⤵
  PID:10124
- C:\Windows\System32\qyUZYMQ.exe
  C:\Windows\System32\qyUZYMQ.exe
  2⤵
  PID:10192
- C:\Windows\System32\pIHaXDw.exe
  C:\Windows\System32\pIHaXDw.exe
  2⤵
  PID:8680
- C:\Windows\System32\MuDdbgZ.exe
  C:\Windows\System32\MuDdbgZ.exe
  2⤵
  PID:9296
- C:\Windows\System32\AMfYuwV.exe
  C:\Windows\System32\AMfYuwV.exe
  2⤵
  PID:9316
- C:\Windows\System32\CpzoaBq.exe
  C:\Windows\System32\CpzoaBq.exe
  2⤵
  PID:9380
- C:\Windows\System32\UzCFwAL.exe
  C:\Windows\System32\UzCFwAL.exe
  2⤵
  PID:9596

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\BIZGBBl.exe

Filesize
1.1MB

MD5
dacf2546e7781fc78798f74b40f6e79d

SHA1
f32d4da097baf41e9c4bd9908661db397ee6883f

SHA256
2910d6e5d26c49258dd558c56f99e9f5cfd46efb8b2452fcdaad0167ed0a7c94

SHA512
148b4e0ab8a61d55d912523525fb9c325a151ac3ace8d904be6de39e3d3c31c57b5e542f761c55ae5c4255caaa34ed41920690abf1a821797af110ed199ca02d

Download Submit
C:\Windows\System32\BzRvuBb.exe

Filesize
1.1MB

MD5
3e13a76522913c7f48842fba48d4e280

SHA1
33b090e70010abb59eea4a11bffebd9c2476ae61

SHA256
09b34045c7356d983eb3ef7d5e892a3252ef1d1e2c64a84fb32a0558e40f386d

SHA512
7b2f79013aa64781e164089f7e56bb09b62abf1421aaed21fbe7272350c01e0c43c609f570acbe4f249c3be7c1ec51417b2f786721694dcf9a585db80d997304

Download Submit
C:\Windows\System32\FHhGSoK.exe

Filesize
1.1MB

MD5
729a0d8419e19c0415698675636c7578

SHA1
1d7dcb53e91c18c47e79ce41796bc19f467ff88d

SHA256
2029ef26f8c38b1daa7f7f375e3c44ab592c7ca466eab7e15d8da4c2ae1291c5

SHA512
17ab646e706bd261b379d39d4d18b25f096fcfa77a3db87685f09d134fd8bb89bd8ab685793fece8b98d05393479617c600986e053d05dd8cea10f3cd051b437

Download Submit
C:\Windows\System32\KCobfjY.exe

Filesize
1.1MB

MD5
5d1ea9b9f568ec8049f1036538c62407

SHA1
ced12af5a1da85dbc583aa53d99def744ff0c187

SHA256
5d1f74b75daa0bbf8e837bd7e4c7a8d3790f44f9b0d6950ea449d7aae171eba8

SHA512
6102ee5e1cfd0718fda3e46fc171c29564678d034944430d6e16e004982bfe78b3d2067303c7e21083dacf26db1ddfdea07c6decdb24abf2d0d4bf6baa0afe75

Download Submit
C:\Windows\System32\KUCdISM.exe

Filesize
1.1MB

MD5
227f91cf8e09183c630d1d187cdc117c

SHA1
de2d6ea75c1526ac9d92607a38edc9ed415e333c

SHA256
74261b15273d0539bc1b52c44c1c8613a9848fd233f8d792168314a9e9a7306d

SHA512
c03416d20fddad5859f8814b36e4d36edaad15f9e2034d0abba793247b007f486244ad02b75922609d44d323a98d78008cbe7a408f5414a9c8e3d205dd7e571b

Download Submit
C:\Windows\System32\KqUucJi.exe

Filesize
1.1MB

MD5
1ae20aa14f08a4dba77a7b2857da7da4

SHA1
61cdec09822adf622530c8484f9c358d85d84189

SHA256
7727bce56fbd9e4bb6154da863d143fff927ce506f89e540d2b6829aef682bcd

SHA512
4505576797ae5c062fe9201e2e436dfc7ebd306c0b83bfacab220101509008932ced16b96ab1dc5f85b83dc76035167651fd99c3b673c28b603ff11b066f3b7b

Download Submit
C:\Windows\System32\LTFcYRs.exe

Filesize
1.1MB

MD5
448f6cf2ff04097235d5e1a313791475

SHA1
18fe7be0d8a493e14a78809a663a1a76d250547e

SHA256
a14f38a895454536b3af28e65cc4a3f4e2c758a6dfbb23add04228d5d62fd356

SHA512
afbdd6a084c9ae7dc3cd05897a694a1c25f8c88d5c79e04942ece65679a8deaa4cc141f33ac88bd1e44e214ffda239c1b63817b91bbdbd9f47bd62d7a28a1c98

Download Submit
C:\Windows\System32\LzWWFvn.exe

Filesize
1.1MB

MD5
3f609dd641898a3a3bf3b2f77066c145

SHA1
e861bc61c233cc405b87785ccb89f4f862354221

SHA256
640aa9d7d30c0a5ca24dc1ae9c33e0e3edfd0c5d85d7559043b9c01f2caf7c9d

SHA512
83103e38f6442f4d65d0e722c3d2c217280124ce231b9cef4512d856d5e4d422a14c6dc7d9c26be7755447b551e439a16fab7559a12c7c35a5c42487a948a2d1

Download Submit
C:\Windows\System32\QNOAafO.exe

Filesize
1.1MB

MD5
dc2071df9425b7ece127e0e64ce49de9

SHA1
fc9b45445022621e0d05928b09f53bb8a38a40ef

SHA256
fb18977efa69e326bfd7764e50484aad2304a6e9f5efba7755e5b4255f78d210

SHA512
7a7f1cfd3e2c1844c463312d355f8aebddb9e195d63e4c60bd649c020f49dbb37571b5c9d22d535e4bd32d7a7bf1cc2064995122bd5008002e66179b082be335

Download Submit
C:\Windows\System32\WJKAKPN.exe

Filesize
1.1MB

MD5
d7c5d780abe174038792c177611e7353

SHA1
1f48f8cc674377e7464bba3a982c914507ca1bda

SHA256
5c61bb068f69fc32781f3f999648aa43f6d61e1bd286661b0142c87b8c4f5808

SHA512
193d407b571f3d3fc410ac2bb44c8423e236b05db40b5f86c86f9ed62b654f81493b1e8fc8e878b3dbbc90923e2ef3e5efb3bcb2c931d1ebbf2b080853337f29

Download Submit
C:\Windows\System32\WROfixU.exe

Filesize
1.1MB

MD5
79027a4488fafb76a05e19471e14a90a

SHA1
c5e1ae9d7305e51e4c3b29651cf471ac0536de15

SHA256
616227281dd4fd378fd750e37d100ce571add004352ac3438b5a9dd71bc009f7

SHA512
8c6f519197c7e214c1e6d21dc3d34412f2e0ff70328d9ee6895cc668f8221f6f66a606bf833f0ebd626181f1754d83eff1310bd5350dc0764765c547a52bc252

Download Submit
C:\Windows\System32\XBgxOjz.exe

Filesize
1.1MB

MD5
56d71788940d5fd88b303290af14b474

SHA1
8c93bd8f5ab7c5062fe64968e025e56f49d73b26

SHA256
dd58ca21fb52d07a002fede2d552df00cbabb794496fc477b03aa6aef2f58905

SHA512
b86b4f8d15df7400f2a1defe349ce83daec3c6288dbf48d77ff361652f048cd6f4deed8825c37f6dc81f92894d666ead18e09ca7f7bdfecddea08c88f2db0280

Download Submit
C:\Windows\System32\YZHqaXH.exe

Filesize
1.1MB

MD5
63add42a5f7f7c6a73a71966112f41a4

SHA1
f6f84156656ecf4c83ce87a5e17e35956180532e

SHA256
9f037934a4f0ff04ef7138a7577a790661b775c26f3d54a8920f76d0e1ce6b96

SHA512
c340b2cef34a959c2297631fd396b5a1126f6a434b609e3635ae6174c118d8330d317fc77bfd577b14ea65dadfe7cc3ba8e846550b54fbf28d3af10a64e21db9

Download Submit
C:\Windows\System32\aBPyCHv.exe

Filesize
1.1MB

MD5
a6eba93e048d1348802b27b594a88650

SHA1
cf586b3bae2cec0d8a0085c16281e42b1d8ea0c6

SHA256
159c33e3d0e8b4697275ffce4b679baee59881227a2ebb19e5bd2a95e765c558

SHA512
6070c22b926616542c83c4c3b01338d1a05562f0b30a8dfa8261bf7d56f717622bf485533ed30ec356332254ae3925a09d2ae91be2118a24ce275f4bcdb14b0f

Download Submit
C:\Windows\System32\aIuRtEp.exe

Filesize
1.1MB

MD5
c77c129234886662dfdd1e5bd4e7ec07

SHA1
72cf213b04e9bd5ae93d0778c160c345b9b36a19

SHA256
449bb15bf7e38ab1e50b0e456fe267c4d8708e978ffedccd434630a66e0c907e

SHA512
6f056717d3588886ea046ecad0ebc7e6720d8e5acfff6d2eabd2f3abcf6f7a0ab39bbc70467621a184c383ea40218cfbb9b523a20abec7e4c1596c84b81f69e5

Download Submit
C:\Windows\System32\aSsfCDh.exe

Filesize
1.1MB

MD5
155e366deb096f0dc7edca7c92feac15

SHA1
1437895ab1674fce11a2d6a924849ebb5681fb81

SHA256
59880f3b7ed4f8ff07c0c01b2b67d6b82faffc2a7b9b4845e4ed5e9d6283d644

SHA512
e431c7982366304a83b28a0c23d05c817b1893bb130a70b57905e71d69a7492bebb8dd08019cb9d8a99b13d54a10cb756cfae383310bd85669ebd21429c8b704

Download Submit
C:\Windows\System32\blibXGy.exe

Filesize
1.1MB

MD5
510aa6e6bb736c3bfa9baf03682010e0

SHA1
5196b039b715c0dba2771d751ae6aa0bd9632e00

SHA256
4a64f9a8e4926b2503fce8487377ecfd040c707c0b29f26d6fa8b2418d95f133

SHA512
b379b83fc744309e01d8b3ee8a71c10d50f091924366bc36b2b4826e8fe22399fce80d3c42856751951659eb56aa474ad9ce7e4ec0c23b6c490206e9f4825ff4

Download Submit
C:\Windows\System32\cPTUwcu.exe

Filesize
1.1MB

MD5
1d43ec5e22018555ea03aa88888b2c65

SHA1
9666566d34a79ddf826edd3151a3352540c8dc97

SHA256
70ff5bc1127a02e0062fb9481b52f2dc1201b1db8cea5cd8156c491958e9aa93

SHA512
9bf70c78a157474cb31ff501f72f89e2fdfd169166eb4b14c688e7a7b108338bf796866c19350ac65e19cf89c4dc46e0d267875c580a9fcd1205273ed6a0df1d

Download Submit
C:\Windows\System32\cqyWOJP.exe

Filesize
1.1MB

MD5
a17ef76b4ce305423fc1bbaafa04e798

SHA1
d14c680bca03e9eeb1ddb8638f76cce914ae19e6

SHA256
f79548cc8dc192c1eb422cc6e2453fd6d4706483f6b2d057b1acc68f400a73ad

SHA512
d13ca9c0cdb13a03d9764ecba847fe18cc9c7b5c158d4b0df0a2b24c02274c5947a89948357ef3657c0528b8a83fa2df0218ac955033b43b04bcd544fbc28b4f

Download Submit
C:\Windows\System32\dAmHADr.exe

Filesize
1.1MB

MD5
b2ed301b8e91bbe7fac365a0765f95e1

SHA1
a5f3cc60a4f3b4050b58ad66987a3414f4ea14a5

SHA256
c3f6590b6cdff0bd46aba08828ec717d90d34987a6d6cc6aa7b38e35ea10c577

SHA512
20cf4186f3169c03c516b353e9860c9bacf6903a537750cadd847c861dca1ac118dc9e2750b9705964811ef657e3c275e3112be3ef846e8e1d43a2e72f27f1de

Download Submit
C:\Windows\System32\fPUuQra.exe

Filesize
1.1MB

MD5
e3b462514afbbfd85c3114a40ac0959a

SHA1
f91de0664136f0de7988026e191c0b667512fe93

SHA256
6c06b81a7c81228e15c0bd7e84fd6d5025bf98cf36c14c9050eb3b3b49ada10f

SHA512
ab147741746b358584ad547a51be7efd1c6d929b9af64bace2ade5365ee5c85c991801a93e201d3b440920bd95a453e7b2c6800ad24cdce151f65789ef3b656b

Download Submit
C:\Windows\System32\njZdiya.exe

Filesize
1.1MB

MD5
bd871fda27bae758d623982cad879e12

SHA1
29bb56cdd2aea03f802e3aa6e05bd914a726ed58

SHA256
1f96cdef8f90906057b1e23b1921c78a51f8028fc714f210862698806f494f3b

SHA512
90d325a3efc6d0858293a4fd551844d1afadcd491289aae7b015bdb6e7967024d1656bdd8268cf9e1b71d02755cfb8b104e7f53d3b0bc519da4e327cfd415987

Download Submit
C:\Windows\System32\odkMcWW.exe

Filesize
1.1MB

MD5
1760e165cfa74dda3f50c2ae150793ac

SHA1
4f84505a8953459bbcf29a1182d47dd0ca08e1cd

SHA256
fce2642fadc49cbf11a4ed6ea5a2a067734280ac04b3dd7e54ccf673ece9106b

SHA512
7e4b45f8f306ed54dff3304b0c3d80e90b62cbe53193387af0fdd2db8f5939296e285628b1f87aa598dac924a9d456d5e889c1d3f7024ccba2471ecdbffa4e6f

Download Submit
C:\Windows\System32\ofQUXIK.exe

Filesize
1.1MB

MD5
8f7b55d94ee7ccd40d7660a4c2589353

SHA1
4d1e3be8ca4d905cecf059dfa76e9e6639b4e120

SHA256
161b2d52d92a432609d499f0482e6573068d1a2cab8e604d0f0765aac6625a91

SHA512
37d1c9ae6aed9c32e22e576ec1946dff9973670a96273ae8e885da9102b6d8a90d07696dbb50f5f4745785865b3176aea6a7c99b682285ad46270228b63f65fd

Download Submit
C:\Windows\System32\pqCRtBS.exe

Filesize
1.1MB

MD5
4a0c27e0c28af71620c263a2af41e2f7

SHA1
bf9bba9c4a3d6648a5de8d099fca9fef39257f15

SHA256
fd2ce4520df32ee3163122db3938387584b53aeee335a98534397412a87292b2

SHA512
8975b4dfb27ae518f2078009f250078b670fa15d8c7a4c559d4457e6f9223281d3fff56f17bbd92a8ab2acfc60bf0fca8bdc11e981fe1952d4dca64fa4404e7a

Download Submit
C:\Windows\System32\tnuFGyV.exe

Filesize
1.1MB

MD5
834a679c9472e5b7a1e40e7d11e68e44

SHA1
4adf97e26423a1eb725d2461620b81d68025c7a1

SHA256
c570a7a6c41d4deef45b6cd1f262935684df9c60ba944ae9f21a94b7babdffa7

SHA512
0d5455ec33ef4418195b268b4db2e4eff706a65bafa1c4e7a60de41f515bc9bb822295bc706c54d2d9c91d7b8a69fa973d93b99a3bb6a5c822202a499ace42f3

Download Submit
C:\Windows\System32\uOaSrao.exe

Filesize
1.1MB

MD5
7fb329492fe2ba3b6d8da995ae6c333a

SHA1
c87af18e13d6495c695a5d460a126b82b67d1b83

SHA256
221085e7519f62f1d0c1897f451627d067ff0d5c26a646d1e9dbdbc3879aa05c

SHA512
eafdf7a07cc2e1453445f1b53cbfbcfaca6a7e5368a897f8fc858d8aa1dfd1ff7150f9cb13f267fec26aed1dfc958b259cb64c3e91c8dba6148b785149e36e40

Download Submit
C:\Windows\System32\vajoSau.exe

Filesize
1.1MB

MD5
c0cd5090a754edff81113d815e9307fb

SHA1
099254ce644f2a1e1d8e33908de3bae4652f56b2

SHA256
63cb6c05426f6f02b22bc224c7256de6396e2f6e720f273f22014e896f0492a6

SHA512
ac35a3daf9944463e43dd896ea646eba0d936f7acb75bbc39edf07c1597a07b17245d984c07105e136105c790778023bef7cd0e36719f49790bf40833b3e6324

Download Submit
C:\Windows\System32\wXqQtnQ.exe

Filesize
1.1MB

MD5
c953c579aafcdcc454713a91eec39524

SHA1
eaa6798023be1ec012eb42d21c39d97c8710af47

SHA256
6052444baa781618cc4a600c757e0f2af3d8626aef4c9d36b6d5237ffe1ce366

SHA512
7e60524071072966268cdd8bfbfd08d17c3d6e0d6c553855c92d74a097b2788210d52973c79094580122cf46fb1c3d7c1bcae924aae4f59359a4a6981e5810b8

Download Submit
C:\Windows\System32\xJJmGQG.exe

Filesize
1.1MB

MD5
4fad12b6bb9bacb73fc8a7196862237c

SHA1
9e9274c8eb5a4cb2fb700638f250f0fef69365ec

SHA256
66211726c754ba11a217e5fe7caa4894089c254f05c8f4262dfbcac3a350a090

SHA512
501bef0785d4b21162d9ce841b99b7b654b0cf1768046361012e7da72fc0521cdf29d8e0332e1f4d437cd20fe50328e3d1f397bb8f3e8a26e8cd9a09d4446214

Download Submit
C:\Windows\System32\ypZLzKF.exe

Filesize
1.1MB

MD5
3db188fa1017aab8486f7f98d474a844

SHA1
58ee5409e2ce8cccd3cefab7992b4592b09a5843

SHA256
b46368ad63be923c0db5765cf43dafd7530ceda353e1ff23fff8456ac4546108

SHA512
431dce0eea5b2bf0c88e8f211d88535042be3ea010fbebd08d63fb437571fcd71cbb7cf49162348b3ef16b59c3d2685be85810d4e92d17423817713e7f97aa5e

Download Submit
C:\Windows\System32\yzdLHHt.exe

Filesize
1.1MB

MD5
967425aa9ef26b2c8f2f22bcda877a48

SHA1
a3b28b8894fd2488a5bf588dedad94c492b4b734

SHA256
0f3c4fb835f3485f4e5a2bc69bf1ac14b7cb776b2507ef9b4f789e875765c747

SHA512
b05b8383e96a7cdeea5a0bf9f4a74b62b661253b42f263c146ae4f986398f8c60c44dee4cb6ea23ce21bfc06b89acee33b47ab338d71e1aaee37de2d0b52b6cf

Download Submit
memory/244-311-0x00007FF6E4DB0000-0x00007FF6E51A1000-memory.dmp

Filesize
3.9MB

Download
memory/448-318-0x00007FF7ECF20000-0x00007FF7ED311000-memory.dmp

Filesize
3.9MB

Download
memory/516-484-0x00007FF7351D0000-0x00007FF7355C1000-memory.dmp

Filesize
3.9MB

Download
memory/544-356-0x00007FF78EE50000-0x00007FF78F241000-memory.dmp

Filesize
3.9MB

Download
memory/628-28-0x00007FF7D47E0000-0x00007FF7D4BD1000-memory.dmp

Filesize
3.9MB

Download
memory/644-40-0x00007FF733860000-0x00007FF733C51000-memory.dmp

Filesize
3.9MB

Download
memory/760-437-0x00007FF71B630000-0x00007FF71BA21000-memory.dmp

Filesize
3.9MB

Download
memory/832-388-0x00007FF6E21F0000-0x00007FF6E25E1000-memory.dmp

Filesize
3.9MB

Download
memory/864-515-0x00007FF726880000-0x00007FF726C71000-memory.dmp

Filesize
3.9MB

Download
memory/1236-446-0x00007FF7F3170000-0x00007FF7F3561000-memory.dmp

Filesize
3.9MB

Download
memory/1292-92-0x00007FF6F37E0000-0x00007FF6F3BD1000-memory.dmp

Filesize
3.9MB

Download
memory/1408-431-0x00007FF798A40000-0x00007FF798E31000-memory.dmp

Filesize
3.9MB

Download
memory/1472-322-0x00007FF770280000-0x00007FF770671000-memory.dmp

Filesize
3.9MB

Download
memory/1492-9-0x00007FF67A8E0000-0x00007FF67ACD1000-memory.dmp

Filesize
3.9MB

Download
memory/1604-62-0x00007FF770880000-0x00007FF770C71000-memory.dmp

Filesize
3.9MB

Download
memory/1812-284-0x00007FF733870000-0x00007FF733C61000-memory.dmp

Filesize
3.9MB

Download
memory/1904-422-0x00007FF76BDB0000-0x00007FF76C1A1000-memory.dmp

Filesize
3.9MB

Download
memory/1980-470-0x00007FF7EDA70000-0x00007FF7EDE61000-memory.dmp

Filesize
3.9MB

Download
memory/2052-69-0x00007FF6C05C0000-0x00007FF6C09B1000-memory.dmp

Filesize
3.9MB

Download
memory/2072-497-0x00007FF735570000-0x00007FF735961000-memory.dmp

Filesize
3.9MB

Download
memory/2188-86-0x00007FF7CA810000-0x00007FF7CAC01000-memory.dmp

Filesize
3.9MB

Download
memory/2220-82-0x00007FF7F2900000-0x00007FF7F2CF1000-memory.dmp

Filesize
3.9MB

Download
memory/2248-59-0x00007FF77DE10000-0x00007FF77E201000-memory.dmp

Filesize
3.9MB

Download
memory/2356-76-0x00007FF725F70000-0x00007FF726361000-memory.dmp

Filesize
3.9MB

Download
memory/2408-302-0x00007FF7C9850000-0x00007FF7C9C41000-memory.dmp

Filesize
3.9MB

Download
memory/2452-419-0x00007FF6F1410000-0x00007FF6F1801000-memory.dmp

Filesize
3.9MB

Download
memory/2464-480-0x00007FF634F00000-0x00007FF6352F1000-memory.dmp

Filesize
3.9MB

Download
memory/2712-489-0x00007FF78DBD0000-0x00007FF78DFC1000-memory.dmp

Filesize
3.9MB

Download
memory/2748-267-0x00007FF6B6310000-0x00007FF6B6701000-memory.dmp

Filesize
3.9MB

Download
memory/2820-401-0x00007FF61F730000-0x00007FF61FB21000-memory.dmp

Filesize
3.9MB

Download
memory/2836-508-0x00007FF6EAC20000-0x00007FF6EB011000-memory.dmp

Filesize
3.9MB

Download
memory/3036-316-0x00007FF70DE40000-0x00007FF70E231000-memory.dmp

Filesize
3.9MB

Download
memory/3040-78-0x00007FF79F3E0000-0x00007FF79F7D1000-memory.dmp

Filesize
3.9MB

Download
memory/3068-17-0x00007FF7E4700000-0x00007FF7E4AF1000-memory.dmp

Filesize
3.9MB

Download
memory/3212-268-0x00007FF7A7AC0000-0x00007FF7A7EB1000-memory.dmp

Filesize
3.9MB

Download
memory/3348-395-0x00007FF643F50000-0x00007FF644341000-memory.dmp

Filesize
3.9MB

Download
memory/3416-347-0x00007FF655EA0000-0x00007FF656291000-memory.dmp

Filesize
3.9MB

Download
memory/3420-314-0x00007FF788280000-0x00007FF788671000-memory.dmp

Filesize
3.9MB

Download
memory/3452-486-0x00007FF7E42B0000-0x00007FF7E46A1000-memory.dmp

Filesize
3.9MB

Download
memory/3492-315-0x00007FF74CE30000-0x00007FF74D221000-memory.dmp

Filesize
3.9MB

Download
memory/3504-286-0x00007FF6A8970000-0x00007FF6A8D61000-memory.dmp

Filesize
3.9MB

Download
memory/3792-424-0x00007FF6B9350000-0x00007FF6B9741000-memory.dmp

Filesize
3.9MB

Download
memory/3956-362-0x00007FF6D2790000-0x00007FF6D2B81000-memory.dmp

Filesize
3.9MB

Download
memory/4060-443-0x00007FF7BA090000-0x00007FF7BA481000-memory.dmp

Filesize
3.9MB

Download
memory/4112-67-0x00007FF7C08C0000-0x00007FF7C0CB1000-memory.dmp

Filesize
3.9MB

Download
memory/4340-265-0x00007FF6283D0000-0x00007FF6287C1000-memory.dmp

Filesize
3.9MB

Download
memory/4360-1-0x0000023F80CC0000-0x0000023F80CD0000-memory.dmp

Filesize
64KB

Download
memory/4360-0-0x00007FF6A80C0000-0x00007FF6A84B1000-memory.dmp

Filesize
3.9MB

Download
memory/4428-490-0x00007FF7A90C0000-0x00007FF7A94B1000-memory.dmp

Filesize
3.9MB

Download
memory/4460-273-0x00007FF71E3D0000-0x00007FF71E7C1000-memory.dmp

Filesize
3.9MB

Download
memory/4504-320-0x00007FF6FC350000-0x00007FF6FC741000-memory.dmp

Filesize
3.9MB

Download
memory/4512-502-0x00007FF6FBC40000-0x00007FF6FC031000-memory.dmp

Filesize
3.9MB

Download
memory/4624-495-0x00007FF6BF1A0000-0x00007FF6BF591000-memory.dmp

Filesize
3.9MB

Download
memory/4652-509-0x00007FF7D21A0000-0x00007FF7D2591000-memory.dmp

Filesize
3.9MB

Download
memory/4664-376-0x00007FF632CF0000-0x00007FF6330E1000-memory.dmp

Filesize
3.9MB

Download
memory/4708-55-0x00007FF7E1D50000-0x00007FF7E2141000-memory.dmp

Filesize
3.9MB

Download
memory/4804-461-0x00007FF7D08F0000-0x00007FF7D0CE1000-memory.dmp

Filesize
3.9MB

Download
memory/4808-511-0x00007FF79E710000-0x00007FF79EB01000-memory.dmp

Filesize
3.9MB

Download
memory/4896-317-0x00007FF707090000-0x00007FF707481000-memory.dmp

Filesize
3.9MB

Download
memory/4952-468-0x00007FF6C0F90000-0x00007FF6C1381000-memory.dmp

Filesize
3.9MB

Download
memory/4984-507-0x00007FF726DB0000-0x00007FF7271A1000-memory.dmp

Filesize
3.9MB

Download
memory/5008-415-0x00007FF6A0220000-0x00007FF6A0611000-memory.dmp

Filesize
3.9MB

Download
memory/5048-334-0x00007FF7B6AF0000-0x00007FF7B6EE1000-memory.dmp

Filesize
3.9MB

Download
memory/5056-64-0x00007FF74BD60000-0x00007FF74C151000-memory.dmp

Filesize
3.9MB

Download
memory/5084-492-0x00007FF712020000-0x00007FF712411000-memory.dmp

Filesize
3.9MB

Download